<html>
<head><meta charset="utf-8"><title>Understanding `Neglects` that have to be `unsafe` · project-safe-transmute · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/index.html">project-safe-transmute</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html">Understanding `Neglects` that have to be `unsafe`</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="217192816"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217192816" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> scottmcm <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217192816">(Nov 18 2020 at 20:33)</a>:</h4>
<p>First, sorry if I overlooked something in the RFC.  Definitely point me at an existing conversation if appropriate.</p>
<p>I don't feel like I understand the motivation for the safe transmute APIs that are <code>unsafe</code> to call, like neglecting validity.  Related:</p>
<p><span class="user-mention silent" data-user-id="219211">Jack Wrenn</span> <a href="#narrow/stream/216762-project-safe-transmute/topic/UnstableTransmuteFrom/near/217191665">said</a>:</p>
<blockquote>
<p>The combinations we don't expose are cases where the only recourse for end-users is a <em>totally</em> unchecked transmutation.</p>
</blockquote>
<p>Once it has to be <code>unsafe</code>, this doesn't intuitively seem unreasonable to me.  Especially given that one would still be able to use trait bounds for the safety of whatever you're not checking.</p>
<p>Like I might picture something like <code>fn alignment_checked_cast&lt;T, U&gt;(&amp;T) -&gt; &amp;U where T: SafeTransmuteInto&lt;U&gt;</code>.  And yes, that has to use pointer casts and other internal stuff internally, but it would have to use unsafe to do it with a Neglect anyway.</p>



<a name="217194848"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217194848" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jack Wrenn <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217194848">(Nov 18 2020 at 20:51)</a>:</h4>
<p><code>NeglectValidity</code> isn't so much a "safe transmute API" as it is a <em>safer</em> transmute API. Eventually, I'd like to see the <em>totally unsafe</em> transmute APIs (e.g., <code>mem::transmute</code>) deprecated altogether. <code>&amp;T::unsafe_transmute_from(&amp;u)</code> with mismatched alignments will compile-error unless you've written the <code>where</code> bound <code>T: TransmuteFrom&lt;U, NeglectAlignment&gt;</code>. In contrast, <code>mem::transmute</code> won't.</p>



<a name="217196273"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217196273" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> scottmcm <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217196273">(Nov 18 2020 at 21:02)</a>:</h4>
<p>I guess that's the disconnect -- I don't see <code>mem::transmute</code> or <code>mem::transmute_copy</code> ever getting deprecated, really.  They'll always be able to be written with pointer casts or unions, so taking the name away (that already has a pretty strong social pressure against using) might just make it harder to audit against.  It reminds me of how <code>mem::zeroed()</code> was undeprecated because making people write <code>MaybeUninit::zeroed().assume_init()</code> instead didn't actually help (unlike <code>mem::uninitialized</code>, where the new way is way more likely to be sound).</p>
<p>I'd love to see "you could write this with safe-transmute" lints, though, as well as wrappers in <code>core</code> for things like safe alignment-checked casts.  Safe transmute will be able to make a safe version of <code>[T]::align_to</code>, which is epic.  (And Ralf's been doing good work to make "can't ever be correct" transmutes abort, which helps avoid some of its worst abuses.)</p>



<a name="217203236"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217203236" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217203236">(Nov 18 2020 at 22:08)</a>:</h4>
<p><span class="user-mention" data-user-id="125270">@scottmcm</span> It's not that we'd delete <code>mem::transmute</code>. It's that hopefully <code>mem::transmute</code> becomes "only use this if you're doing something that can't possibly be made safe".</p>



<a name="217203433"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217203433" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jack Wrenn <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217203433">(Nov 18 2020 at 22:10)</a>:</h4>
<p>I'd take that a tiny bit further: it's "only use this if you're doing something that can't be made <em>safer</em>" (The <code>Neglect</code> system forces you to declare which static guarantees you're neglecting and taking upon yourself to enforce.)</p>



<a name="217205445"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217205445" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217205445">(Nov 18 2020 at 22:26)</a>:</h4>
<p>"can't be made safer" is fair, yes. We <em>could</em> potentially introduce new <code>Neglect</code> mechanisms if there's a "safe except for" we could define.</p>



<a name="217205463"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217205463" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217205463">(Nov 18 2020 at 22:27)</a>:</h4>
<p>I was thinking of things like "safe except you're reading padding".</p>



<a name="217205511"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217205511" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217205511">(Nov 18 2020 at 22:27)</a>:</h4>
<p>Oh, hmmm, that makes me think of an interesting issue.</p>



<a name="217205569"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217205569" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217205569">(Nov 18 2020 at 22:28)</a>:</h4>
<p>The whole "transmute then validate" thing I was suggesting earlier doesn't work with enum/bool/etc. It only works if you have library/type invariants that aren't language-level invariants.</p>



<a name="217205866"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217205866" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jack Wrenn <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217205866">(Nov 18 2020 at 22:31)</a>:</h4>
<p>Yeah, you need to validate, <em>then</em> transmute. I recall <span class="user-mention" data-user-id="120791">@RalfJ</span> making this point on the RFC, I think.</p>



<a name="217223240"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217223240" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217223240">(Nov 19 2020 at 02:35)</a>:</h4>
<p>That's a little painful, though. That means you kinda want an intermediate type that parses out fields for validation.</p>



<a name="217223295"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217223295" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217223295">(Nov 19 2020 at 02:36)</a>:</h4>
<p>For instance, if you need to parse an enum, the intermediate type would have an appropriately sized unsigned integer there.</p>



<a name="217223513"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217223513" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jack Wrenn <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217223513">(Nov 19 2020 at 02:40)</a>:</h4>
<p>Yeah, that's the approach an early version of typic took (before I ripped fallible transmutations out to focus on just infallible transmutations). I look forward to experimenting in that space again.</p>



<a name="217223591"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217223591" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jack Wrenn <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217223591">(Nov 19 2020 at 02:42)</a>:</h4>
<p>Whereas infallible transmutation has a very clear runtime semantics (equivalent to memcpy), there's a ton of design space to explore with infallible transmutations around error reporting tradeoffs.</p>



<a name="217233122"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217233122" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> scottmcm <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217233122">(Nov 19 2020 at 06:12)</a>:</h4>
<p>Transmute-then-validate would only be for library invariants, yeah.</p>
<p>Kinda reminds of the Archetype idea.  A no-validity-invariant version of a type as a stepping stone is interesting...</p>



<a name="217300510"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217300510" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217300510">(Nov 19 2020 at 17:10)</a>:</h4>
<p>in some sense <code>MaybeUninit&lt;T&gt;</code> provides exactly that for any <code>T</code></p>



<a name="217316273"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217316273" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217316273">(Nov 19 2020 at 19:13)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> Not in a way that you could read to validate, though.</p>



<a name="217316679"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217316679" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217316679">(Nov 19 2020 at 19:15)</a>:</h4>
<p>If you have a <code>MaybeUninit&lt;bool&gt;</code> that you transmuted into from arbitrary memory, how would you check it to see if it's 0 or 1 before turning it into a <code>bool</code>?</p>



<a name="217317912"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217317912" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217317912">(Nov 19 2020 at 19:24)</a>:</h4>
<div class="codehilite" data-code-language="Rust"><pre><span></span><code><span class="sd">//! Safety precondition: `x` must point to initialized memory (but it does not have to be a valid bool)</span>
<span class="k">unsafe</span><span class="w"> </span><span class="k">fn</span> <span class="nf">validate_bool</span><span class="p">(</span><span class="n">x</span>: <span class="kp">&amp;</span><span class="nc">MaybeUninit</span><span class="o">&lt;</span><span class="kt">bool</span><span class="o">&gt;</span><span class="p">)</span><span class="w"> </span>-&gt; <span class="nb">Option</span><span class="o">&lt;</span><span class="kt">bool</span><span class="o">&gt;</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">  </span><span class="kd">let</span><span class="w"> </span><span class="n">ptr</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">x</span><span class="p">.</span><span class="n">as_ptr</span><span class="p">()</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="o">*</span><span class="k">const</span><span class="w"> </span><span class="kt">u8</span><span class="p">;</span><span class="w"></span>
<span class="w">  </span><span class="kd">let</span><span class="w"> </span><span class="n">val</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">ptr</span><span class="p">.</span><span class="n">read</span><span class="p">();</span><span class="w"></span>
<span class="w">  </span><span class="k">match</span><span class="w"> </span><span class="n">val</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="mi">0</span><span class="w"> </span><span class="o">=&gt;</span><span class="w"> </span><span class="nb">Some</span><span class="p">(</span><span class="kc">false</span><span class="p">),</span><span class="w"></span>
<span class="w">    </span><span class="mi">1</span><span class="w"> </span><span class="o">=&gt;</span><span class="w"> </span><span class="nb">Some</span><span class="p">(</span><span class="kc">true</span><span class="p">),</span><span class="w"></span>
<span class="w">    </span><span class="n">_</span><span class="w"> </span><span class="o">=&gt;</span><span class="w"> </span><span class="nb">None</span><span class="p">,</span><span class="w"></span>
<span class="w">  </span><span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>



<a name="217317931"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217317931" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217317931">(Nov 19 2020 at 19:25)</a>:</h4>
<p>or maybe I am misunderstanding what it is you want to achieve</p>



<a name="217317992"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217317992" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217317992">(Nov 19 2020 at 19:25)</a>:</h4>
<p>there is no way to check, at runtime, if arbitrary memory is a valid <code>bool</code></p>



<a name="217318012"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217318012" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217318012">(Nov 19 2020 at 19:25)</a>:</h4>
<p>since it is fundamentally impossible to check "is this memory initialized"</p>



<a name="217318189"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217318189" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217318189">(Nov 19 2020 at 19:26)</a>:</h4>
<p>this is the downside of having optimizations that exploit the "unstable" nature of uninitialized memory</p>



<a name="217318680"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217318680" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217318680">(Nov 19 2020 at 19:30)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> <code>x.as_ptr() as *const u8</code> is exactly the kind of thing that safe-transmute is trying to avoid.</p>



<a name="217318888"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217318888" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217318888">(Nov 19 2020 at 19:31)</a>:</h4>
<p>Ideally, it'd be possible to use a safe-transmute plus a validation step to safely turn arbitrary bytes into a <code>Result&lt;SomeStruct&gt;</code> for which some fields of <code>SomeStruct</code> have enum/bool/etc types for which not all values are valid.</p>



<a name="217319395"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217319395" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jack Wrenn <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217319395">(Nov 19 2020 at 19:34)</a>:</h4>
<p><span class="user-mention" data-user-id="239881">@Josh Triplett</span> there's <a href="https://github.com/rust-lang/rfcs/blob/ee1204c23320c33437107ff222e09afd9d5fef1d/text/0000-safer-transmute.md#neglectvalidity">this example of <code>NeglectValidity</code> in the RFC</a> that demonstrates how might one do something like this.</p>



<a name="217319407"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217319407" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217319407">(Nov 19 2020 at 19:35)</a>:</h4>
<p>I am very puzzled. clearly this requires some kind of code to perform the conversion and checking, invoked by appropriate traits or so. Above I gave the implementation of that trait for <code>bool</code>.</p>



<a name="217319636"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217319636" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217319636">(Nov 19 2020 at 19:36)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> The goal would be to avoid the <code>unsafe</code>.</p>



<a name="217319720"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217319720" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Josh Triplett <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217319720">(Nov 19 2020 at 19:37)</a>:</h4>
<p>I don't think that's possible with <code>MaybeUninit</code>.</p>



<a name="217325634"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217325634" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217325634">(Nov 19 2020 at 20:24)</a>:</h4>
<p>I thought the goal would be to write that unsafe code once and for all or have it auto-generated?</p>



<a name="217325645"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217325645" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217325645">(Nov 19 2020 at 20:24)</a>:</h4>
<p>the code needs to come from somewhere...</p>



<a name="217330571"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217330571" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217330571">(Nov 19 2020 at 21:09)</a>:</h4>
<p>I think in safe-transmute context the function <code>validate_bool</code> could take a <code>&amp;u8</code> instead of a <code>&amp;MaybeUninit&lt;bool&gt;</code> to reflect that it is initialized but not necessarily valid</p>



<a name="217330634"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217330634" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217330634">(Nov 19 2020 at 21:10)</a>:</h4>
<p>and I guess the conversion already exists and is called <code>try_into</code></p>



<a name="217330963"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217330963" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217330963">(Nov 19 2020 at 21:13)</a>:</h4>
<p>actually I am surprised to find that there is no <code>impl TryFrom&lt;u8&gt; for bool</code></p>



<a name="217339749"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217339749" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> scottmcm <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217339749">(Nov 19 2020 at 22:29)</a>:</h4>
<p>Probably it's the usual "don't cast it, use <code>!= 0</code>" -- you can't <code>1_u8 as bool</code> either.</p>



<a name="217339895"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217339895" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> scottmcm <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217339895">(Nov 19 2020 at 22:30)</a>:</h4>
<p>That said, it turns out (surprisingly to me given the <code>as</code>) that we have <code>u8: From&lt;bool&gt;</code>, so given that I'm in favour of <code>bool: TryFrom&lt;u8&gt;</code> to be the inverse.</p>



<a name="217340041"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217340041" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217340041">(Nov 19 2020 at 22:32)</a>:</h4>
<p>well here we don't want the <code>!= 0</code> conversion, we want to compare to 0 and 1 and return none otherwise</p>



<a name="217340293"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217340293" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> scottmcm <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217340293">(Nov 19 2020 at 22:34)</a>:</h4>
<p>Well you could probably make a PR soon and get it in 1.51  (err, where it = that <code>bool: TryFrom&lt;u8&gt;</code>)</p>



<a name="217340470"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217340470" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217340470">(Nov 19 2020 at 22:36)</a>:</h4>
<p>oh hey, 1.48 released today</p>



<a name="217340532"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/216762-project-safe-transmute/topic/Understanding%20%60Neglects%60%20that%20have%20to%20be%20%60unsafe%60/near/217340532" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Mario Carneiro <a href="https://rust-lang.github.io/zulip_archive/stream/216762-project-safe-transmute/topic/Understanding.20.60Neglects.60.20that.20have.20to.20be.20.60unsafe.60.html#217340532">(Nov 19 2020 at 22:36)</a>:</h4>
<p>one moment while I put intra-doc links on all my projects :)</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>